: From: Paul Robinson <PAUL@tdr.com> : Gee, this sounds like Phil Karn's S/Key system only without changing the : keys. If it is really something different, a combination of both would : be very interesting. : S/Key seems to be almost identical with this system, including the list : of words, the use of a nondisclosed shared secret, and so on. The only : difference being that S/Key generates the challenge on a "one time pad" : e.g. the next time you log in it's a different computation because the : count isn't the same. Unless I missed something, it isn't even as good as s/key. This one needs a stored *secret* to generate the response. In s/key, the host only stores something derived from the secret, and it can be in a public file. So this new thing would be compromised if the host was compromised. G